Date:      Thu, 3 Aug 2023 22:57:13 +0200
From:      tuexen@freebsd.org
To:        Bakul Shah <bakul@iitbombay.org>
Cc:        Zane C B-H <v.velox@vvelox.net>, net@freebsd.org
Subject:   Re: Is there a FreeBSD equivalent of 'tcpdump -i any' from Linux?
Message-ID:  <74AC6F31-A287-4F34-AA2E-E2CA0E4F7819@freebsd.org>
In-Reply-To: <196DA088-B99A-4A54-B06F-ACA0641C7559@iitbombay.org>
References:  <826851ce2108b23515f81a8aca8d9b0e@vvelox.net> <196DA088-B99A-4A54-B06F-ACA0641C7559@iitbombay.org>

> On 3. Aug 2023, at 19:18, Bakul Shah <bakul@iitbombay.org> wrote:
>
> Not quite what you asked for but I recently found https://github.com/gcla/termshark -- it seems to be like wireshark but for a terminal window. Like tcpdump it has the -D option that will return a list of interfaces. If you are handy with go programming, you may wish to consider enhancing it to listen to multiple interfaces. It is under 1400 lines of code. Maybe you can use one goroutine per interface and then each can feed packets to the display goroutine over a go channel. [I haven't actually dug into the code, but this is how I would go about it -- but first check that libpcap is reentrant]
termshark can use dumpcap for capturing, which already supports multiple interfaces.
So it would be a matter of passing the right parameters to dumpcap.

Best regards
Michael
>
>> On Aug 1, 2023, at 11:21 AM, Zane C B-H <v.velox@vvelox.net> wrote:
>>
>> So what is a good way to get all packets passing through that the kernel currently sees? Apparently any is not supported on non-Linux systems and pflog would require adding log to all rules. Similarly only logs packets that match a rule.
>>
>
>
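
The reply above points to dumpcap's multi-interface support. As an added example that is not part of the original thread, this sketch builds the repeated `-i` arguments from an interface list. It assumes FreeBSD's `ifconfig -l -u` as the source of interface names; the function names, the sample list and the output file name are hypothetical.

```sh
#!/bin/sh
# Added example: approximate Linux's `tcpdump -i any` by handing dumpcap
# one -i option per interface that is currently up.

# Turn a whitespace-separated interface list into "-i <name>" arguments.
# Runs in a subshell with globbing off; names that could be read as an
# option or contain shell metacharacters are skipped, duplicates dropped.
dumpcap_iface_args() (
    set -f
    args=""
    seen=" "
    for ifc in $1; do
        case "$ifc" in
            -*|*[!A-Za-z0-9_.:-]*)
                echo "skipping unexpected name: $ifc" >&2
                continue ;;
        esac
        case "$seen" in
            *" $ifc "*) continue ;;   # already listed
        esac
        seen="$seen$ifc "
        args="${args:+$args }-i $ifc"
    done
    printf '%s\n' "$args"
)

# Capture on all up interfaces into the file named by $1.
capture_all() {
    ifaces=$(ifconfig -l -u) || return 1
    args=$(dumpcap_iface_args "$ifaces")
    [ -n "$args" ] || { echo "no usable interfaces" >&2; return 1; }
    # Word splitting of $args is intended: every name was validated above.
    dumpcap $args -w "$1"
}

# Constructed sample, shaped like `ifconfig -l -u` output (not real data).
SAMPLE_IFACES="em0 lo0 pflog0 em0"

# Show the command line that would be run for the sample list.
echo "dumpcap $(dumpcap_iface_args "$SAMPLE_IFACES") -w all.pcapng"
```

Calling `capture_all all.pcapng` as root starts the capture on a live system; it only covers interfaces that exist and are up at the moment the list is read.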



